From a8e4984cf7d9ed27ac25b3a73cd9d18e3cebd876 Mon Sep 17 00:00:00 2001
From: Hugo Blom <bl0m1@users.noreply.github.com>
Date: Wed, 28 Sep 2022 07:19:35 +0200
Subject: [PATCH] Add missing permissions to openstack cc (#9335)

Add missing permissions to Openstack cloud controller to make sure controller runs as intended
---
 ...l-openstack-cloud-controller-manager-roles.yml.j2 | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
index 9f900759f..2ab3a5bfa 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
@@ -93,5 +93,17 @@ items:
     - list
     - get
     - watch
+  - apiGroups:
+    - authentication.k8s.io
+    resources:
+    - tokenreviews
+    verbs:
+    - create
+  - apiGroups:
+    - authorization.k8s.io
+    resources:
+    - subjectaccessreviews
+    verbs:
+    - create
 kind: List
 metadata: {}